4

Today's Quanta Magazine article says "But it’s proved difficult to find examples of any algorithms with a clear “quantum advantage” that enables performance beyond the reach of classical machines."

Does factoring integers to break public key cryptography still have an advantage on quantum computers? What about solving NP-complete problems like SAT? Anything else?

Norbert Schuch
  • 6,521
  • 16
  • 27
Martin C. Martin
  • 141
  • 1
  • Hi Martin, welcome to QCSE! Your question seems very similar to many others asked on this site - for example, this one in particular. Can you consider reviewing that question and others, and then editing your posting accordingly, if you still have other, focused questions? – Mark Spinelli Dec 07 '22 at 23:27
  • Close voters, including @MarkS, that question is very different, and the answers are irrelevant. Note the word "practical". The examples in the accepted answer, and in the other answers, are not "practical". Simon's algorithm, is not "practical". – user1271772 No more free time Dec 10 '22 at 15:05
  • @user1271772 "Practical problems" is not the same as "faster in practice"! Factoring is a perfectly practical problem, just that quantum computers are not faster in practice. – Norbert Schuch Dec 10 '22 at 17:24
  • @NorbertSchuch True, and I considered that, but when looking at the essence of the article, and what the quote actually means, I think the new title is the appropriate one to trigger the reopen votes. Again: the "duplicate" question's answers are about non-practical algorithms like Simon's algorithm, so this question shouldn't have been closed in the first place (in my opinion), but with the new title, which seems to more accurate reflect what OP and the article are thinking about, the "duplicate" questions' answers become even more irrelevant. Shor's alg. cannot yet beat classical devices. – user1271772 No more free time Dec 10 '22 at 17:26
  • 1
    I agree with @user1271772. The OP asked a fairly unique question which has nothing to do with theoretical book algorithms that give quantum speedup. – MonteNero Dec 10 '22 at 17:43
  • OP: I think this question can be rephrased to be different than the duplicate, but as it stands it's still not imo. If you ask "are there problems where quantum computers provide an advantage", regardless of the kind of advantage you ask, cases where there is an exponential advantage are obvious examples, hence the duplicate. If you ask instead eg "What are examples of problems where there is a not-necessarily-exponential quantum advantage", or "what are examples of problems where quantum computers provide an advantage in practical applications", or similar, then these are different questions – glS Feb 15 '23 at 09:45

1 Answers1

1

"But it’s proved difficult to find examples of any algorithms with a clear “quantum advantage” that enables performance beyond the reach of classical machines."

The author is commenting on the fact that quantum computers have not solved any real-world problem faster than a classical computer can, even though we know that the number of quantum operations necessary to, for example factor integers, scales more slowly with the size of the problem as the number of classical operations would.

Even though this statement was not written by an expert in the field (it was written by someone who describes herself as a "writing intern" at Quanta Magazine), I agree 100% with her statement. It is true that quantum computers (even the one in Google's "quantum supremacy" experiment) have only been able to do some simple tasks that don't compute anything useful in terms of the purpose of computers.

This doesn't rule out the possibility that some breakthrough in the future might make quantum computing have more clear advantages over classical computing.

"Does factoring primes to break public key cryptography still have an advantage on quantum computers?

There's more than one thing to say here. Number one is that "factoring numbers" isn't enough to "break public key cryptography". It's basically enough to break RSA public key cryptography, but people have already started moving away from RSA. For example my SSH keys to push commits to GitLab use an algorithm based on twisted Edwards curves which is recommended more strongly by GitLab than RSA.

The second thing I'll say is that even if being able to factor large integers were to be enough for breaking all public key cryptosystems (it's not!), you're right that classical computers currently have the practical advantage here. Classical computers have factored huge numbers like RSA-230, whereas quantum devices would probably need millions if not billions of qubits to factor a number of that size. Even Google and IBM do not pretend to have quantum computers with a thousand qubits, let alone the millions or billions of qubits that would be needed in order to have an advantage over classical computers for factoring.

"What about solving NP-complete problems like SAT? Anything else?"

This diagram (from here) shows that the QMA complexity class does possibly have some overlap with the class of NP-hard problems, but is not expected to be able to cover all NP-hard problems:

enter image description here

Therefore, some NP-hard problems may be even too difficult for a perfectly operational quantum computer to solve efficiently!

user1271772 No more free time
  • 13,847
  • 2
  • 25
  • 71
  • @NorbertSchuch Regarding problems in QMA being hard for quantum computers: P is inside QMA, so not everything in QMA is hard for quantum computers. Also please see the last sentence of my answer. – user1271772 No more free time Dec 10 '22 at 17:17
  • Only got what you meant now -- sorry. Still, this seems an unfair statement: NP-hard means "any problem which is hard for a classical computer -- in fact, as hard as you want". This e.g. includes problems which are undecidable, for instance. So this really just says "there are problems which are hard even for quantum computers" -- but the problems you bring up are clearly outside NP. – Norbert Schuch Dec 10 '22 at 17:18
  • "What about solving NP-complete problems like SAT? Anything else?" -- All NP-complete problems are in NP, and thus in QMA. – Norbert Schuch Dec 10 '22 at 17:56